Which Version Control Systems support LDAP/AD users and groups

Question

Does anyone know which of the big players (if any) support LDAP/AD users and groups for authentication AND database permissions? Specifically, I'm wondering if SVN, GIT, Mercurial etc. will allow users to login/connect based on AD permissions and also allow granular permissions to be applied to folders within the VC database based on groups within AD. So far my research has not shown this to be possible....

I understand your point but disagree. I believe this to be as fundamental to development work as Visual Studio. To me it is closer to "software for devs" than infrastructure... — Jason Irwin, Oct 17 '09 at 21:06
Yeah, but normally it is a Sysadmin who has to install and maintain the VCS, not a software developer. You'll have a much better audience here. — Aaron Brown, Oct 18 '09 at 15:35

score 6 · Accepted Answer · answered Oct 17 '09 at 19:42

6

VisualSVN Server allows you to manage svn repository permissions using AD users and groups. And the standard edition is free and meets most organization's needs.

answered Oct 17 '09 at 19:42

Jamie Ide

178
1
4

score 2 · Answer 2 · answered Oct 17 '09 at 22:58

2

Not to be flippant, but really, just about all of them do. Since PAM on Linux supports LDAP, standard unix accounts (and therefore, standard files) support LDAP, almost all Linux-compatible version control systems should work fine. Likewise, Windows supports LDAP through Active Directory (AD is basically LDAP with kerberos and some deployment tools, as I understand it), and so any version control that works with standard windows accounts should support it too. I'm pretty sure this all applies to OS X as well.

answered Oct 17 '09 at 22:58

Lee B

3,380
1
17
15

1

You've obviously never used VSS – Jason Irwin Feb 19 '10 at 19:19
1

I only wish that were true --- I just don't consider VSS one of the version control systems that would be in the running :) – Lee B Feb 26 '10 at 23:22

score 2 · Answer 3 · answered Oct 18 '09 at 14:48

Git certainly does - you need to set up PAM to use pam_winbind.so and pam_mkhomedir.so. Create a group (either locally or in AD, depending on how you want to do it) and create your git repositories on the origin server with the --shared flag. This will tell git that you are sharing the repository amongst multiple users, and it will set up permissions appropriately.

score 1 · Answer 4 · answered Sep 01 '10 at 16:02

1

We do authentication against AD using Apache. You should be able to get groups working too with that.

answered Sep 01 '10 at 16:02

Amala

529
2
14

That sounds reasonable - its easy to set up Apache to do LDAP authentication against AD. After that when you setup DAV access to Subversion you can rely on the Apache authentication to authorize using AD user names. – Guss Nov 17 '10 at 09:05

score 1 · Answer 5 · answered Oct 17 '09 at 21:01

1

We are using Centrify to enabling various VCS (ClearCase, Svn, Git) to talk to our AD.
Not free I am afraid, but quite suited for managing user identities in a cross-platform environment since our VCS servers are Unix, while our clients are on Windows: see UNIX & Linux Identity Management

answered Oct 17 '09 at 21:01

VonC

2,653
5
29
48

1

Centrify has an "Express" version that is free for use. You can also try Likewise Open for the same functionality, but its a bit hard to setup properly. – Guss Nov 17 '10 at 09:04
@Guss: excellent. I didn't see that Express version however, since Centrify is entirely managed by our Unix admin team (I don't install it directly) – VonC Nov 17 '10 at 09:17

score 0 · Answer 6 · answered Jan 14 '10 at 17:50

0

Regarding Subversion, there is a tool called svnperms, which can use LDAP to fetch group information (the ACLs are still in the configuration file, but it should be easy to adapt it).

answered Jan 14 '10 at 17:50

score 0 · Answer 7 · answered Apr 30 '10 at 17:40

0

I use Subversion Administrator it is a simple open source web app that allows for integration with active directory/ldap as well as managing post commit hook subscriptions

answered Apr 30 '10 at 17:40

pfranza

111
3

score 0 · Answer 8 · answered Apr 30 '10 at 18:53

0

Perforce can do AD auth, however group management is not integrated with the directory.

answered Apr 30 '10 at 18:53

fsckin

555
4
9

score 0 · Answer 9 · edited Jul 23 '19 at 13:11

SourceGear Vault and Fortress supports authenticating the user via Active Directory.

Vault's Active Directory integration doesn't automatically pickup your current credentials. You enter your user/pwd, and it queries A.D. to authenticate those credentials that you enter. This is a server-side configuration item, obviously, and the server must be configured to use A.D. identity impersonation.

Unfortunately the user list is still maintained within Vault itself. CRUDing users is still up to the version control admin.

Which Version Control Systems support LDAP/AD users and groups

9 Answers9